CVE-2025-66916

RuoYi-Vue-Plus · RuoYi-Vue-Plus

The snailjob component in RuoYi-Vue-Plus fails to filter user input in the check-node-expression interface, allowing arbitrary file read/write operations via QLExpress.

Executive summary

RuoYi-Vue-Plus contains a critical vulnerability in the snailjob component that allows attackers to perform arbitrary file read and write operations.

Vulnerability

The /snail-job/workflow/check-node-expression interface fails to properly sanitize user-supplied input, allowing the exploitation of QLExpress expressions to manipulate the File class for arbitrary file system access.

Business impact

An attacker can read sensitive configuration files or overwrite system files, potentially leading to full system takeover or sensitive data exposure. With a CVSS score of 9.4, this vulnerability represents an urgent threat that could be leveraged to gain persistence or elevate privileges.

Remediation

Immediate Action: Update the RuoYi-Vue-Plus framework to the latest version where the snailjob input validation is corrected.

Proactive Monitoring: Monitor application logs for suspicious input patterns directed at the /snail-job/ endpoint and look for unexpected file modification activity.

Compensating Controls: Restrict access to the affected interface through network-level controls or WAF rules if immediate patching is not feasible.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The ability to perform arbitrary file operations constitutes a severe threat to system integrity. Security teams should prioritize patching this component immediately and audit the system for any signs of prior unauthorized access.